Sherwood in the twilight, is Robin Hood awake?
Grey and ghostly shadows are gliding through the brake,
Shadows of the dappled deer, dreaming of the morn,
Dreaming of a shadowy man that winds a shadowy horn.
Thus Alfred Noyes wrote of Sherwood Forest a hundred years ago. Flash forward to 2011, and his muse would find him writing of a shadowy tribe that wields a shadowy hack. Or so Anonymous would have us think.
The merry band of Internet rascals has been at it again, purportedly stealing from the rich to give to the poor. Yes, this time around, Anonymous seems actually to have been stealing money, rather than just causing damage and embarrassment through DDOS attacks.
The target was Stratfor, and at the time of this writing, its Website was still "undergoing maintenance." Stratfor (or Strategic Forecasting Inc.) is an Austin global intelligence business that delivers private political, economic, and military briefings to Fortune 500 companies and government agencies. It has been described as a "shadow CIA."
The Christmas Day newsflash revealed that members of Anonymous were trumpeting the theft of Stratfor's confidential client list, together with addresses and credit card data. The plan, according to the perpetrators, was to use the information to make Christmas donations.
This actually seems to have happened, with the group posting images of receipts from charities for gifts based on breached credit card accounts. Recipients reportedly included the Red Cross, CARE, and Save the Children.
Anonymous seems to have come up with a rich haul on this occasion. Analysts estimate that the hackers retrieved more than 50,000 unique credit card numbers and almost as many unique email addresses. The group also claims to have several million emails.
The damage is hard to quantify from the limited reports of fraudulent charges to credit cards that have so far emerged, but again, the ease with which exploits can be mounted against an enterprise that prides itself on the confidentiality and security of the information it holds is breathtaking.
Apart from the mere matter of it being criminal, there are some obvious flaws in Anonymous's "Robin Hood" strategy. These include the likelihood that fraudulent charges will simply be subject to a chargeback to the charities that received the money, and the possibility that the inadvertent donors are not all rich corporations.
For example, a Homeland Security Department employee reported fraudulent charges against his credit card, saying, "They took money I did not have. I think why me? I am not rich."
But wait. Was it an Anonymous hack after all? Responsibility was claimed by "Sabu," regarded by some as a leader of Anonymous. Some alleged Anonymous hacktivists have denied it, praising Stratfor as "a media source, protected by the freedom of press, a principle which Anonymous values greatly."
At which point the sane among us must shake our heads in disbelief and say something like -- whatever, dudes, if you're all going to be "anonymous," what do you expect? One thing's for sure: If those responsible for the latest attack end up in court, they won't be anonymous any longer.
— Kim Davis , Community Editor, Internet Evolution